b'Final Assessment Report 08-01, November 1, 2007, \xe2\x80\x9cGPO Network Vulnerability\nAssessment\xe2\x80\x9d\n\nThe GPO Office of Inspector General (OIG) completed a vulnerability assessment of the\nGPO enterprise network infrastructure to evaluate the level of security controls in place\nthat help protect the Agency\xe2\x80\x99s information technology (IT) resources from unauthorized\naccess and compromise. We conducted our assessment using vulnerability scanning tools\nthe OIG selected and the GPO Information Technology and Systems Security Division\napproved. We limited our assessment to the area between GPO\xe2\x80\x99s Internet service\nprovider and the outermost firewall interface where GPO\xe2\x80\x99s publicly available network\nresources, such as GPO Access, are hosted. That area is commonly referred to as the\ndemilitarized zone, or DMZ. Our specific assessment objectives were to determine\nwhether GPO:\n\n   \xe2\x80\xa2   Maintained a robust and effective vulnerability scanning and management\n       program that identified and circumvented common internal and external threats to\n       its network.\n\n   \xe2\x80\xa2   Used passwords in the DMZ strong enough to prevent brute force attacks.\n\n   \xe2\x80\xa2   Patched systems in the DMZ in a timely and effective manner.\n\nThe OIG issued a sensitive report that found room for improvement and made\nrecommendations to help strengthen security of the publicly available network resources\nat GPO, but also reduce the risk of system compromise and loss of availability. GPO\nmanagement concurred with each of the report\xe2\x80\x99s recommendations and has initiated\nresponsive corrective actions.\n\x0c'